14 DAY TRIAL // The recently discovered CCleaner malware was much more severe than previously suspected, as researchers find that it was designed for industrial espionage in companies such as Google, Sony, Intel, Microsoft, and many others.
The CCleaner developers announced a couple of days ago that their application was modified to collect data from users and to grant control to hackers. This happened with a particular version and before it was made available for download, which makes things all that more interesting.
The infected version of CCleaner was available for download almost a month before the malware was discovered. The initial assessment was that the goal of the hackers was to gain access to computers and to gather data. All that information was sent to a server, but it’s not clear what was done with it.
The scope of the attack is much bigger than suspected
A second payload was written in the subroutines, but it was unclear if it was delivered or if it was used. Now, Cisco's Talos security division analyzed the second part of the attack and found out that the CCleaner malware was actually designed to penetrate the security of much bigger companies. And it's possible that it has succeeded.
Because CCleaner is so popular, a lot of people installed it, and that means at work. People working for companies such as Microsoft, Intel, Sony, Cisco, VMWare, Samsung, and many others installed this application at work and gave attackers a way in.
As it stands right now, the recent CCleaner malware is believed to be industrial espionage on a scale hard to imagine. The total number of PCs infected is about 700,000, which means that companies have been breached.
Who’s to blame?
“A fairly sophisticated attacker designed a system which appears to specifically target technology companies by using a supply chain attack to compromise a vast number of victims, persistently, in hopes to land some payloads on computers at very specific target networks,” noted the Talos security division.
Although it’s very difficult to identify the attackers, some of the methods used pinpoint to Group 72. This is a team of hackers that have targeted organizations in United States, Japan, Taiwan, and Korea.